Is your feature request related to a problem? Please describe.
As a MinIO administrator, for security reasons I want to have the ability to act on service accounts created by OIDC users with minio-console.
The whole scope of admin user svcacct already exists for AD, LDAP and MinIO users, and it's nearly the case for OIDC but not documented.
the minio internal algorithm to compute parentUser
Then:
mc admin user svcacct list myminio computed-oidc-parent-user
Then mc returns the list of service accounts linked to the user and all commands work.
So my question is:
Is it supported? And the doc should mention it if it is.
If it is supported, then mc admin user svcacct list myminio computedoidcparentuser is in error if the computedoidcparentuser begins with -lsomething. mc thinks this is a command flag.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed after 15 days if no further activity occurs. Thank you for your contributions.
In the same way, when using mc admin user svcacct info to track an AccessKey owner, I end up with a hash as the ParentUser.
I would expect the OpenID preferred_username claim value to be used.
Is your feature request related to a problem? Please describe.
As a MinIO administrator, for security reasons I want to have the ability to act on service accounts created by OIDC users with minio-console.
The whole scope of admin user svcacct already exists for AD, LDAP and MinIO users, and it's nearly the case for OIDC but not documented.
Describe the solution you'd like
As I understand the mechanism, the parentUser for an OIDC externally managed user is a sha256 of sub and issuer.
https://github.com/minio/minio/blob/master/cmd/sts-handlers.go#L490
Let's say I am an administrator and I know:
Then:
mc admin user svcacct list myminio computed-oidc-parent-user
Then mc returns the list of service accounts linked to the user and all commands work.
So my question is:
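The parentUser derivation described in the issue, as an added example in Go (not part of the original issue and not MinIO's own code). The issue only says the value is a sha256 of sub and issuer; the "openid:" prefix, the ":" separators and the unpadded base64url encoding are assumptions to verify against the linked sts-handlers.go, and the claim values are constructed. Because "-" is a valid base64url character, a value encoded this way can start with a hyphen, which is the case the issue reports mc treating as a flag.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// oidcParentUser derives the parentUser string for an OpenID identity.
// ASSUMPTION: the hashed input is "openid:<sub>:<iss>" and the digest is
// emitted as unpadded base64url. The issue itself only states that the
// value is "a sha256 of sub and issuer".
func oidcParentUser(sub, iss string) (string, error) {
	if sub == "" || iss == "" {
		return "", fmt.Errorf("both sub and iss claims are required")
	}
	sum := sha256.Sum256([]byte("openid:" + sub + ":" + iss))
	return base64.RawURLEncoding.EncodeToString(sum[:]), nil
}

// looksLikeFlag reports whether a command-line parser would read the value
// as an option because it starts with '-'.
func looksLikeFlag(parentUser string) bool {
	return strings.HasPrefix(parentUser, "-")
}

func main() {
	// Constructed sample claims, not taken from a real deployment.
	claims := []struct{ sub, iss string }{
		{"8f2c1a7e-constructed-subject", "https://idp.example.com/realms/demo"},
		{"alice", "https://idp.example.com/realms/demo"},
	}
	for _, c := range claims {
		pu, err := oidcParentUser(c.sub, c.iss)
		if err != nil {
			fmt.Println("error:", err)
			continue
		}
		// An auditor can pass pu to the svcacct commands shown in the issue.
		fmt.Printf("sub=%s parentUser=%s leadingHyphen=%v\n",
			c.sub, pu, looksLikeFlag(pu))
	}
}
```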